Data security fines quadruple in 12 months

Fines issued by the Information Commissioner’s Office in the last year totalled £1.8 million, more than four times the previous 12 months

The UK’s data protection watchdog issued fines worth a combined £1.8 million in the last 12 months, more than four times as much as it did in the previous year, according to a study by independent finance provider Syscap.

The Information Commissioner’s Office issued 15 monetary penalty notices worth £1.8 million in the 12 months ending June 30, compared to just six fines worth £431,000 in the previous year, Syscap found.

The regulator also issued 68 warning notices for data security lapses in the last year (to June 30 2012), up 48% from 46 the previous year, according to the study.

Syscap pointed out that the majority of fines have been against public bodies, but warned that the ICO’s more aggressive stance could apply to any organisation.

“Small businesses are increasingly falling foul of the ICO. It’s clear that the ICO is starting to take a much more proactive stance in penalising data lapses, so this is something that business owners need to take very seriously,” said Syscap chief executive Philip White.

“Businesses need to make sure that the correct safeguards are in place in order to secure their data, or they could be at risk of hefty fines in the near future,” he said.

The ICO takes five steps to determine the appropriate amount of a monetary penalty. These are the seriousness of the contravention, aggravating and mitigating factors, the financial impact on the data controller, the underlying objectives and a final determination.

The regulator recently published guidelines for charities and small-to-medium-sized organisations wanting to tighten up data practices and urged them to apply for a free data protection “health checkup” to avoid being hit by hefty fines.